The Third Man and the Authority of Chief Compliance Officers

This article was republished with permission from Tom Fox’s FCPA Compliance and Ethics Blog.

Harry Lime is back, although he really never left us. As reported by Kristin M. Jones in a Wall Street Journal article entitled “Harry Lime Reborn,” the glorious British film noir The Third Man, written by Graham Greene and directed by Carol Reed, has been restored in a new digital version. It opens this week at select theaters and will tour the country this summer. The screenplay was adapted from the book of the same name. It is the rare movie that is at least as good as the book. Greene himself noted that the story “was never written to be read, but only to be seen.”

The story revolves around protagonist Holly Martin (played by Joseph Cotton) who goes to post-war Vienna at the behest of his college buddy Harry Lime (played with aplomb by Orson Welles). Martin arrives after a funeral for Lime and finds out that Lime was dealing in the black market. Martin searches for Lime, meeting his girlfriend and assorted shady characters along the way. He ends up leading the Military Police occupying the city to Lime and there is a final noir-classic chase through the sewers of Vienna.

What’s my favorite scene? There are way too many to name, but the clown’s head shadow is one of the great cinematic visions of undulated terror. The final chase through the sewers of Vienna is a classic. The dialogue is both chilling and funny. Chilling when Lime asks Martin, while they are at the apex of a Ferris wheel, whether he would refuse money to make the dot-like figures of humans below stop moving; funny when Lime says that 200 years of warfare — between the Borgias, the Medicis and the continual conflict in Italy — produced the flowering of the Renaissance, while 500 years of peace in Switzerland produced the cuckoo clock. Finally, there’s the haunting musical score, with Anton Kara’s use of the zither. The movie definitely ranks in my top 10 greatest movies of all time.

I thought about this movie in the context of the ongoing debate in the compliance world about whether a company could or should combine or separate the role of the Chief Compliance Officer (CCO) from that of the General Counsel (GC). There has traditionally been a split in companies on whether the CCO should report into a legal function and the GC or report directly to a company’s head officer. Mike Volkov noted, “According to the last PwC Compliance Survey, only 29 percent of CCOs have made it into the C-Suite, but that will increase. Only 27 percent of CCOs continue to report to the general counsel, while 34 percent report directly to the CEO.” Whichever path your company follows, it is imperative that the CCO speak from a position of authority.

One strong voice for the importance of the role and voice of the CCO in any organization is noted compliance expert Donna Boehme. She writes and speaks consistently on the characteristics for a successful CCO. Writing in the SCCE magazine, Compliance & Ethics Professional, in an article entitled “Five essential features of the Chief Ethics and Compliance Officer position,” Boehme articulated five essential features required for a CCO to be successful in an organization:

1. Independence
   
   It is imperative that any CCO have “sufficient authority and independence to oversee the integrity of the compliance program.” Some indicia of independence would include a reporting line to the company’s Board of Directors and audit/compliance committee, but more importantly “unfiltered” access to the Board. There should also be protection of employment, including an employment contract with a “non-discretionary escalation clause” and a requirement for Board approval for any change in the terms and conditions of employment, including termination. There must also be sufficient resources in the form of an independent budget and adequate staff to manage the overall compliance program.

2. Empowerment

   A CCO must have “the appropriate unambiguous mandate, delegation of authority, senior-level positioning and empowerment to carry out his/her duties. This can be accomplished through a “Board resolution and a compliance charter, adopted by the Board.” Additionally, the CCO job description should be another avenue to clarify the CCO “mandate, and at a minimum should encompass the single point accountability to develop, implement and oversee an effective compliance program.” All of the above should lead in practice to a “close working relationship with an independent Board committee.”

3. Seat at the Table

   The CCO must “have formal and informal connections into the business and functions of the organization – a seat at the table at important meetings where all major business matters (e.g., risk, major transactions, business plans) are discussed and decided.” She argues that, at a minimum, the CCO should participate in “budget reviews, strategic planning meetings, disclosure committee meetings, operational reviews and risk and crisis management meetings.”

4. Line of Sight

   The CCO should have “unfettered access to relevant information to be able to form independent opinions and manage the [compliance] program effectively.” This does not mean that the CCO should have veto power over functions such as safety or environmental or that such functions must report to the CCO, but unless there is visibility to the CCO for these risk areas, the CCO will not able to adequately assess and manage such risks from the compliance perspective. The correct structuring of the CCO role to allow it visibility into these areas will help the CCO coordinate compliance convergence training.

5. Resources

   It is absolutely mandatory that the CCO be given both the physical resources in terms of personnel and monetary resources to “get the job done.” I have worked at places where the CCO had neither, and the CCOs did not succeed because they never even had the chance to do so. Boehme focuses on both types of resources. Under monetary resources she points, as an indicator, to the independence of the CCO from the GC “rather than a shared budget.” This can also bleed over to headcount and shared or dotted-line reporting resources. There should be independent resources reporting into the compliance function.

Whichever way a company decides to go on this question, it must meet requirement number six of the Department of Justice’s minimum best practices requirement for a Foreign Corrupt Practices Act based compliance program, which reads:

The company will assign responsibility to one or more senior corporate executives for the implementation and oversight of the company’s anti-corruption policies, standards and procedures. Such corporate official(s) shall have direct reporting obligations to independent monitoring bodies, including internal audit, company’s Board of Directors or any appropriate committee of the Board of Directors, and shall have an adequate level of autonomy from management as well as sufficient resources and authority to maintain such autonomy. 

Additionally this is reiterated in the 2011 Amendments to the U.S. Sentencing Guidelines, §8B2.1 (b)(2)(C), which states:

Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority and direct access to the governing authority or an appropriate subgroup of the governing authority.

If you have the chance to see The Third Man this summer, I urge you to do so. For a schedule of its showings across the country click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business advice, legal advice or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author gives his permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.